
Polycom IP Phones Provisioning

YK
Occasional Visitor


I am sure that this is a popular topic. I would appreciate any help or information.

Recently hacking and fraud have become the norm, therefore we are rethinking whether our current provisioning strategy is up to speed. We are responsible for approximately 4000 Polycom IP phones.

We currently have an FTP server with all the provisioning files, which include the phones' unique registration credentials.

Unfortunately, to my knowledge there is no way of keeping the passwords encrypted on the FTP server, so this is issue number one: if someone is successful in hacking into our FTP server, they have everything they need.

While the files are transferring from the FTP server to the phones, if someone is able to hack into the network and capture the packets, they could very easily extract the passwords.

Therefore I'm coming to you to ask which solutions are the most recommended, whether there are any providers selling just this part as a service to help with provisioning, and whether Polycom itself has any products for mass provisioning and management.

Thanks

Message 1 of 4
Polycom Employee & Community Manager

Re: Polycom IP Phones Provisioning

Hello YK,

Welcome to the Polycom Community.

You could utilize HTTPS or FTPS provisioning or encrypt the configuration files.

You will need to contact Polycom Support as described in this documentation => here <=

Best Regards

Steffen Baier

Polycom Global Services




Message 2 of 4
Occasional Visitor

Re: Polycom IP Phones Provisioning

Thanks Steffen.

We are attempting what we thought would be simpler, having the phones connect to the provisioning server via FTP(S) to download their configuration files. We're not concerned about the phone encrypting its log or settings files when it sends them back to the provisioning server, we just want the phones to authenticate and download securely to prevent "man-in-the-middle" attacks.

Based on the list of Certificate Authorities (in this doc) trusted by SoundPoint phones we purchased a GeoTrust certificate and configured our FTP server (vsftpd) to use that cert and force SSL for login and data transfer. We confirmed this works with an FTP(S) client application (Transmit on Mac).

However, when we configure a SoundPoint 331 to use FTP(S) it tells us it can't contact the boot server. Prior to forcing SSL we had vsftpd running as a normal (no SSL) FTP server and verified that this phone could connect via FTP to the same server and download its config files.

Can you tell us what we're doing wrong? Thanks in advance for any wisdom you can pass our way.

Message 3 of 4
Occasional Visitor

Re: Polycom IP Phones Provisioning

Oops, I think we figured out the problem. I was thinking "FTP(S)" meant explicit SSL on port 21. The SoundPoint refers to implicit SSL on port 990 as "FTP(S)" and the version of vsftpd we're running doesn't support implicit SSL. Going to try to upgrade to a newer version of vsftpd that does support implicit SSL and try again. Will post back if it works.

Message 4 of 4
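The explicit-versus-implicit mismatch described in the last post can be checked from the server side before touching a phone. The probe below is an added example, not part of the original thread and not Polycom or vsftpd code; the helper name `probe_ftps_mode` and the host `provisioning.example.com` are assumptions, while ports 21 and 990 are the ones named in the post.

```python
import socket
import ssl


def probe_ftps_mode(host, port, timeout=5.0):
    """Classify how an FTP listener starts TLS (hypothetical helper).

    Returns 'explicit', 'plain-only', 'implicit',
    'implicit-untrusted-cert', 'unreachable' or 'unknown'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        try:
            banner = sock.recv(512)  # explicit and plain servers greet in cleartext
        except socket.timeout:
            banner = None            # silence: server may be waiting for a ClientHello
        if banner is not None:
            if not banner.startswith(b"220"):
                return "unknown"
            sock.sendall(b"AUTH TLS\r\n")  # explicit FTPS upgrade request (RFC 4217)
            try:
                reply = sock.recv(512)
            except OSError:
                return "unknown"
            return "explicit" if reply.startswith(b"234") else "plain-only"
        # Implicit FTPS: TLS handshake first, the 220 banner arrives inside the tunnel.
        ctx = ssl.create_default_context()  # verifies chain and hostname
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "implicit" if tls.recv(512).startswith(b"220") else "unknown"
        except ssl.SSLCertVerificationError:
            return "implicit-untrusted-cert"
        except (ssl.SSLError, OSError):
            return "unknown"


if __name__ == "__main__":
    host = "provisioning.example.com"  # placeholder host, not from the thread
    for port in (21, 990):
        print(port, probe_ftps_mode(host, port))
```

A server that answers `explicit` on port 21 and `unreachable` on port 990 matches the situation in the thread: a desktop client that negotiates `AUTH TLS` succeeds, while a device expecting implicit SSL on 990 cannot reach the boot server.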